Core Impact Pro Exploits and Security Updates

Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Title Description Vulnerabilty Categorysort descending Platform
Tembria Server Monitor HTTP Request DoS Tembria Server vulnerability is caused due to an error in the processing of HTTP requests sent to the included web server. CVE-2010-1316 Denial of Service/Remote Windows
Solar FTP Server DoS Solar FTP Server is prone to a Denial of Service condition. It fails to properly sanitize user-supplied input with a specially crafted "USER" command, a remote attacker can potentially disable the FTP service. NOCVE-9999-47271 Denial of Service/Remote Windows
Microsoft Windows SMB 2.0 Negociate Protocol Request Remote BSOD DoS This module exploits a remote denial of service condition by sending a specially crafted SMB 2.0 packet to the target machine. Windows Vista and 7 are affected by this problem. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. NOCVE-9999-40005 Denial of Service/Remote Windows
Microsoft Windows SMB Pathname Overflow DoS (MS10-012) Update This update adds shared folders detection. This module exploits a vulnerability on srv.sys when it executes a rename command into shared folder using a long pathname. CVE-2010-0020 Denial of Service/Remote Windows
TYPSoft FTP Server RETR DoS This module shuts down the TYPSoft FTP Server because it fails to properly handle user-supplied malformed packets using for login the Anonymous user provided by default for the program CVE-2005-3294 Denial of Service/Remote Windows
PHP Hash Table Collisions DoS This module sends HTTP requests with specially crafted data making the PHP interpreter to consume lot of resources. This attack prevents the victim server from processing requests from legitimate clients and probably will make the server non-operational. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2011-4885 Denial of Service/Remote Solaris, AIX, Windows, Linux, OpenBSD, FreeBSD
Microsoft Windows SMTP Server MX Record Vulnerability DoS (MS10-024) This module exploits a vulnerability on Microsoft Windows SMTP Server 64 bits sending a malformed DNS response from a spoofed DNS Server. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-0024 Denial of Service/Remote Windows
Microsoft Windows SMB Trans Buffer Overflow DoS (MS09-001) This module exploits a remote vulnerability on Trans operation via a malformed CreateWithSdOrEa SMB command on the srv.sys driver. CVE-2008-4834 Denial of Service/Remote Windows
Microsoft Windows Remote Desktop Protocol DoS (MS12-020) Update This update fixes the failure when running this module on multiple systems. CVE-2012-0002 Denial of Service/Remote Windows
Microsoft Windows Print Spooler Service Format String Vulnerability DoS (MS12-054) Update This update provides a better documentation for this module CVE-2012-1851 Denial of Service/Remote Windows
MSRPC UMPNPMGR MS05-47 DoS This module exploits a buffer overflow and force the remote machine to reboot (MS05-047). CVE-2005-2120 Denial of Service/Remote Windows
Control Microsystems ClearSCADA Remote DoS This module exploits a vulnerability in the ClearSCADA Server service by sending a malformed packet to the 5481/TCP port to crash the application. NOCVE-9999-47161 Denial of Service/Remote Windows
MSRPC MSDTC Allocation MS06-018 DoS Update This is a denial of service exploit for a vulnerability in the MSDTC component of windows systems (MS06-018). This update fixes the correct CVE number (CVE-2006-1184) CVE-2006-1184 Denial of Service/Remote Windows
VicFTPS Server LIST Command DoS VicFTPS is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions. CVE-2008-2031 Denial of Service/Remote Windows
Microsoft ASP.NET Hash Table Collisions DoS (MS11-100) This module sends HTTP requests with specially crafted data making the ASP.NET subsystem consume lot of resources. This attack prevents the victim server from processing requests from legitimate clients and probably will make the server non-operational. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2011-3414 Denial of Service/Remote Windows
Microsoft Windows Remote Desktop Protocol DoS (MS12-036) This modules exploits a kernel vulnerability in Microsoft Remote Desktop server by sending a sequence of specially crafted RDP packets to the target system. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2012-0173 Denial of Service/Remote Windows
Wireshark DRDA Dissector DoS The DRDA protocol dissector in Wireshark can enter an infinite loop when processing an specially crafted DRDA packet with the iLength field set to 0, causing Wireshark to stop responding. CVE-2012-3548 Denial of Service/Remote Windows, Linux
Active Directory LDAP Request Handling DoS (MS08-060) Active Directory, which is an essential component of the Windows 2000 architecture, presents organizations with a directory service designed for distributed computing environments. Active Directory allows organizations to centrally manage and share information on network resources and users while acting as the central authority for network security. The directory services provided by Active Directory are based on the Lightweight Directory Access Protocol (LDAP) and thus Active Directory objects can be stored and retrieved using the LDAP protocol. A vulnerability in Active Directory allows an attacker to crash and force a reboot of any Windows 2000 Server running the Active Directory service. CVE-2008-4023 Denial of Service/Remote Windows
HP Data Protector Manager RDS DoS The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows remote attackers to cause a denial of service via a packet with a large data size to TCP port 1530. CVE-2011-0514 Denial of Service/Remote Windows
7T Interactive Graphical SCADA System ODBC Server Remote Memory Corruption DoS This module exploits a memory corruption vulnerability in the IGSS ODBC Server by sending a malformed packet to the 20222/TCP port to crash the application. NOCVE-9999-47172 Denial of Service/Remote Windows
OpenLDAP modrdn Request Multiple Vulnerabilities OpenLDAP allows remote attackers to cause a denial of service effect (service crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function within schema_init.c CVE-2010-0212 Denial of Service/Remote Mac OS X
Wireshark ENTTEC Dissector DoS This module exploits a vulnerability in the WireShark ENTTEC dissector by sending a specially crafted UDP packet. CVE-2010-4538 Denial of Service/Remote Linux, Windows
WonderWare SuiteLink slssvc.exe DoS WonderWare is supplier of industrial automation and information software solutions. According to the company's website: * one third of the world's plants run Wonderware software solutions. Having sold more than 500,000 software licenses in over 100,000 plants worldwide, Wonderware has customers in virtually every global industry - including Oil and Gas, Food and Beverage, Utilities, Pharmaceuticals, Electronics, Metals, Automotive and more The vulnerability found in Wonderware SuiteLink Service (slssvc.exe) could allow an un-authenticated remote attacker with the ability to connect to the SuiteLink service TCP port to shutdown the service abnormally by sending a malformed packet. CVE-2008-2005 Denial of Service/Remote Windows
Computer Associates eTrust Secure Content Manager DoS The eCS component (ECSQdmn.exe) in CA ETrust Secure Content Manager 8.0 and CA Gateway Security 8.1 allows remote attackers to cause a denial of service (crash) via a crafted request to port 1882, involving an incorrect integer calculation and a heap-based buffer overflow. CVE-2011-0758 Denial of Service/Remote Windows
Microsoft Windows Schannel Heap Overflow DoS (MS14-066) This module exploits a vulnerability in "schannel.dll" by sending a crafted certificate packet to the "Internet Information Services" server via TLS protocol producing a heap overflow in the critical LSASS Windows process. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released versionin order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2014-6321 Denial of Service/Remote Windows
ISC DHCP Remote DoS Update This module exploits a vulnerability in ISC DHCP Server. The vulnerability is caused due to the improper handling of DHCP requests within dhcpd in the cons_options() function in options.c. This causes a stack-based buffer corruption by sending a specially crafted DHCP request specifying a maximum message size smaller than 278 bytes. This update adds support for Linux. CVE-2007-5365 Denial of Service/Remote Linux, OpenBSD
Microsoft Windows SMB Pathname Overflow DoS (MS10-012) This module exploits a vulnerability on srv.sys when it executes a rename command into shared folder using a long pathname. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-0020 Denial of Service/Remote Windows
Blackmoon FTP Server PORT DoS This module shuts down the Blackmoon FTP Server because it fails to properly handle user-supplied malformed packets. CVE-2011-0507 Denial of Service/Remote Windows
SMB MS05-027 DoS By sending a specially crafted SMB packet, this exploit performs a Denial of Service attack on the target machine. CVE-2005-1206 Denial of Service/Remote Windows
Solaris ICMP Packet Remote DoS This module exploits a vulnerability in Solaris 10. The vulnerability is caused due to the improper handling of ICMP packets by the Solaris Operating System. CVE-2007-0634 Denial of Service/Remote Solaris